Question 1

You are evaluating the advantages of using the Server Core installation option
for your deployment of Windows Server 2012 Standard Edition. Which of the
following is NOT a benefit to Server Core?
a. Increased level of security
b. Increased hardware requirements
c. Minimized patch management
d. Increased number of virtual machines on a single host
Answer: B is the correct answer.
Just the opposite is true. Server Core actually will utilize far less hardware than will the full
version of Windows Server 2012.

Question 2
Which of the following PowerShell cmdlets will you use to determine which
application is utilizing the most system resources?
a. Get-service
b. Get-process
c. Get-command
d. Get-eventlog

Answer: B is correct.
The Get-Process cmdlet can be used to produce a list of running processes which will include
both memory and CPU utilization and can be used to evaluate resource usage.

Tel: 1 800.418.6789 | www.learnsmartsystems.com

Question 3
Which of the following file systems increase the integrity and efficiency of
the storage structure while continuing to be backwards compatible with
older operating systems and security structures that are already in place?
a. ReFS
b. NTFS
c. FAT
d. FAT32

Answer: A is correct.
ReFS is based on the NTFS file system and provides enhancements in numerous areas. It
was introduced with Windows Server 2012. Because ReFS uses a subset of features from
NTFS, it is designed to maintain backward compatibility with NTFS.

Question 4
Which of the following features in Windows Server 2012 will allow for the
creation of fault tolerant volumes such as striped, mirrored, and RAID 5
using a software version of these technologies?
a. Basic disks
b. Dynamic disks
c. MBR partitions
d. GPT partitions

Answer: B is correct.
In order to create multi-disk volumes you must use dynamic disks. The conversion to
dynamic disks will be done automatically but is required in order to implement software
RAID as mentioned above.

Question 5
Which of the following is not an advantage that hardware
RAID implementations will have in comparison with software
RAID implementations?
a. Easier configuration
b. Ability to store operating system and boot volumes
c. Increased performance
d. Increased levels of fault tolerance

Answer: A is correct.
Software RAID is easily configured within the operating system and can be done
post installation, while a hardware RAID controller is a hardware device that must be
configured using BIOS setup programs prior to installing Windows. Not difficult, but it
can't be called easier.

Question 6
You would like to create a virtual disk that provides the ability to easily
add additional physical disks to the storage pool at a later time without
requiring reconfiguration. Additionally you would like to list the storage
available on the disk as greater than that which is currently available and
add disks as needed once the volume fills up. What should you configure?
a. Hot spare drives
b. Data store drives
c. Fixed provisioning
d. Thin provisioning

Answer: D is correct.
Thin provisioning is a mechanism that allows storage to be easily allocated on a
just-enough and JIT basis. Storage capacity in the pool is organized into provisioning slabs
that are not allocated until the point in time when datasets grow to require the storage.

Question 7
Which of the following is the easiest method for configuring Server Core
directly following the installation process?
a. Remote MMC
b. Remote PowerShell
c. Sconfig.cmd
d. Servermanagercmd.exe

Answer: C is correct.
Sconfig.cmd is a batch file style utility that provides the initial configuration of Server
Core. Once the server is configured and made a member of the domain the other
methods can be used for ongoing management.

Question 8
You are planning the storage of data in Windows Server 2012 and are
trying to determine the appropriate NTFS permissions to allocate to a
directory. Which of the following rules is NOT a rule for NTFS permissions?
a. Permissions only apply when files are accessed over
the network
b. All files and folders have an ACL
c. Permissions entries can allow or deny permissions to users
or groups
d. Permissions are inherited by child objects
Answer: A is correct.
NTFS permissions will apply regardless of how the file is accessed whether locally or over
the network.

Question 9
You would like to ensure that when a user connects to a shared folder
they only see those items for which they have at least Read permission
and will not see any other items in the folder. What should you do in order
to configure this?
a. Use the properties of the folder in Windows Explorer and
modify shared folder permissions
b. Use the properties of the folder in Windows Explorer and enable
access based enumeration
c. Use the File and Storage Services in Server Manager and enable
access based enumeration on the shared folder
d. Use Shared Folders MMC snap-in and enable access based
enumeration on the share
Answer: C is correct.
The access based enumeration feature will ensure that users are only able to see those
items for which they have at least Read permission. This feature can only be enabled
using the settings of the share or the New Share wizard in the File and Storage Services
section of Server Manager.

Question 10
You are investigating the use of print servers in order to implement a
more centralized approach to print management for your company. Which
of the following is NOT a benefit of centralized print management using
servers running Windows Server 2012?
a. Lower cost for print devices
b. Simplified troubleshooting
c. Publishing in AD DS and deployment through Group Policy
d. Centralized management of security and drivers

Answer: A is correct.
The cost of the print devices does not change although the number and type might
change. If anything, enterprise printing usually will use higher cost print devices but the
other advantages will result in a lower TCO over time.

Question 11
You have assigned the following permissions to a shared directory
on an NTFS partition. Sales users (READ), Sales Managers (MODIFY),
Administrators (FULL CONTROL), Marketing (READ/WRITE) and the Shared
folder permissions are Everyone (FULL CONTROL). When a user, Bob, who
is a member of both the Sales and Marketing groups accesses the folder
what will be his effective permission to files within the folder?
a. Read
b. Read/Write
c. Modify
d. Full control

Answer: B is correct.
Since Bob is a member of both groups and there are no Deny entries, he will receive
the least restrictive of both NTFS permissions which is Read/Write. When this is
compared with the Shared folder permission of Full Control, the NTFS will win as
the most restrictive permission.

Question 12
You have configured multiple printers to point to a single print device,
and configured priorities so that all print jobs sent through the Managers
printer will have a higher priority than those sent through the Users
printer. What is the final step to deploying printing priorities?
a. Nothing additional is needed
b. Enable printer pooling
c. Configure schedules for each printer
d. Configure permissions for each printer

Answer: D is correct.
While it's not technically required, if you want to restrict who can use the high
priority printer, which will always be the case, then you need to configure the
permissions appropriately.

Question 13
Which of the following features in Hyper-V will provide the ability to use
only the required amount of memory during virtual machine startup while
reducing that amount once the system is up and running?
a. Dynamic memory
b. Smart paging
c. Minimum RAM
d. Startup RAM

Answer: D is correct.
While Dynamic memory makes all of these settings available it is ultimately the Startup
RAM value that will specify the amount of memory that should be used to boot a VM.

Question 14
Which of the following virtualization types will allow for clients to
operate inside their own virtual machine environment, where the virtual
machine is actually stored on a host server accessible across the LAN or in
a private cloud?
a. App-V
b. RDS
c. VDI
d. Azure

Answer: C is correct.
A Virtual Desktop Infrastructure provides this type of desktop virtualization which
provides a separate virtual machine for each user which is accessible over the network
through the use of clients such as the Remote Desktop client.

Question 15
Which of the following features for Hyper-V will provide the ability
to better integrate with the guest operating systems and perform
time synchronization and is required to use certain types of hardware
components such as synthetic network adapters?
a. Virtual Machine Integration Services
b. Dynamic memory
c. Resource metering
d. Virtual network switches

Answer: A is correct.
You must install Virtual Machine Integration Services if you want to use features such as
operating system shutdown and time synchronization, and if you want to install virtual
hardware components, such as SCSI adapters and synthetic network adapters, onto the
virtual machines.

Question 16
Which of the following network features provides the ability to ensure
that the virtual machines will not receive IP address configuration from
unauthorized servers?
a. DHCP authorization in Active Directory
b. DHCP validation
c. DHCP guard
d. Router guard

Answer: C is correct.
This feature drops DHCP messages from virtual machines that are functioning as
unauthorized DHCP servers. This may be necessary in scenarios where you are managing
a server running Hyper-V that hosts virtual machines for others, but does not have direct
control over the configuration of those virtual machines.

Question 17
Using Virtual PC on a Windows 7 box and configuring Hyper-V on a
Windows 8 machine uses the same type of virtualization with similar
performance. True or False?
a. True
b. False
Answer: B is correct.
This is a false statement. Hyper-V is not just another desktop virtualization type. It is
implementing a hypervisor which gives direct access to the hardware at the VM level and
greatly increases performance.

Question 18
You have installed the DHCP server role on a Windows Server 2012
machine. However, the DHCP service will not start and you need to fix the
problem. What should you do first?
a. Restart the server
b. Authorize the server using Active Directory Users
and Computers
c. Authorize the server using the DHCP Manager
d. Log in with an account that has domain
administrative privileges
Answer: C is correct.
You use the DHCP Manager utility to authorize the server and the server will not run
in an Active Directory environment unless authorized. You must be a member of the
Enterprise Admins group in order to authorize DHCP servers.

Question 19
You are attempting to ensure that when a print device communicates with
the DHCP server, that print device always receives the same IP address. You
do not want to manually configure IP settings on the print device. What
should you do?
a. Configure a client reservation
b. Configure reservation specific options
c. Configure a MAC address filter
d. Configure an exclusion for the print device

Answer: A is correct.
Client reservations will reserve an IP address for a specific MAC address, in this case the
MAC address of the print device. It ensures that DHCP clients will always receive the same
IP address which is sometimes optimal as in the case of servers and printers.

Question 20
You have installed DHCP, authorized the server, and created a scope of IP
addresses. However, clients are still unable to receive an IP address from
the server. What should you do?
a. Restart the service
b. Activate the scope
c. Create client reservations
d. Delete and recreate the scope

Answer: B is correct.
The final step to implement DHCP is to activate the scope thus making the IP addresses
inside the scope available to client computers.

Question 21
Which of the following resource records in DNS is used to assign an alias
to a host that already has a standard host record?
a. CNAME
b. MX
c. PTR
d. SOA

Answer: A is correct.
The CNAME record assigns an additional alias to a host that already has an FQDN in
the database.

Question 22
You want to configure your server to direct all remote name queries to
the appropriate name servers using the root hints with a single exception.
You have a partner organization and a VPN connection. The partner
organization uses a private namespace. What should you configure to
ensure your DNS server handles Internet name resolution queries and
queries for the partner organization correctly?
a. Configure a secondary zone
b. Configure a sub zone
c. Configure a forwarder
d. Configure a conditional forwarder

Answer: D is correct.
A conditional forwarder is an address to which queries are forwarded based on
the domain name being requested. This is perfect for this scenario because only
queries destined for the partner domain's internal namespace would be directed to that
authoritative server while all others would use root hints.

Question 23
Which of the following zone types is a read-only copy of the zone that
gets updates from a master server and provides information needed to
resolve the names of the authoritative servers only?
a. Stub
b. Secondary
c. Primary
d. Active Directory integrated

Answer: A is correct.
A stub zone is a special kind of secondary zone in that it does not contain all records but
only those records that are required to communicate with the authoritative name servers.

Question 24
Which of the following TCP/IP core protocols has the primary
responsibility of assembling and reassembling data for transmission while
also establishing communication sessions, sending acknowledgements,
and performing error checking?
a. TCP
b. UDP
c. IP
d. ICMP

Answer: A is correct.
TCP provides connection-oriented reliable communications for applications.
Connection-oriented communication confirms that the destination is ready to receive
data before it sends the data. To make communication reliable, TCP confirms that all
packets are received. Reliable communication is desired in most cases, and is used by
most applications.

Question 25
Which of the following subnet masks cannot be used as it is not a
valid number?
a. 255.255.255.0
b. 255.0.0.0
c. 255.0.255.0
d. 255.255.0.0

Answer: C is correct.
Subnet masks are binary numbers written in decimal notation and must be a series of
contiguous ones followed by contiguous zeroes. This number is invalid because the 1s
stop and then start again in the 3rd octet.

Question 26
Which of the following addresses may be used directly on the Internet
without the use of Network Address Translation devices?
a. 172.16.0.20
b. 192.168.1.117
c. 10.0.5.231
d. 173.24.117.130

Answer: D is correct.
The only public IP address in the list is D and a public address is required if you want
to be able to connect directly to the Internet without a device that performs Network
Address Translation.

Question 27
Which of the following is NOT an advantage of IPv6 over IPv4?
a. Simpler address autoconfiguration
b. More available addresses
c. Integrated security
d. Compatibility with older operating systems

Answer: D is correct.
IPv6 is compatible with many previous versions of Windows and non-Microsoft operating
systems but this really isn't an advantage over IPv4 since it would have been compatible
with even more older operating systems.

Question 28
Which of the following groups is a special group that contains users that
are currently accessing a server over the network and can be used to
assign permissions that are unique to network users and would not apply
to those accessing the server directly?
a. Everyone
b. Network
c. Interactive
d. Authenticated Users

Answer: B is correct.
The network group represents users accessing a resource over the network, as opposed
to users who are logged on locally at the computer that is hosting the resource. When a
user accesses any given resource over the network, the user is added automatically to the
network group for that resource.

Question 29
Which of the following utilities provides complete management of
the deployment process from a command line as an alternative to the
graphical tools that are available?
a. Wdsutil.exe
b. Dism.exe
c. Imagex.exe
d. Sysprep.exe

Answer: A is correct.
WDSUTIL is the command-line utility for Windows Deployment Services. Your choices are
Windows SIM, WDS management console and the WDSUTIL for most administrative tasks.

Question 30
You have installed the Windows deployment server and are trying to
perform some of the initial configuration of the server role. Which of
the following tasks must be done before the server will deploy images
to clients?
a. Configure PXE response settings
b. Create a capture image
c. Configure an additional partition to hold images
d. Separate the DHCP and WDS services

Answer: A is correct.
You must configure the PXE response settings in order to respond to clients as the
default setting is not to respond. You must also create images, but they don't have to be
capture images, and while the others might be recommended, they are not required.

Question 31
Which of the following utilities will you use to simplify the process of
creating answer files to be used in automated setups?
a. Windows PE
b. Dism
c. Imagex
d. WAIK

Answer: D is correct.
The Windows Automated Installation Kit is not required but greatly simplifies the creation
of answer files through the Windows SIM utility that is a part of it. It also simplifies the
management of images for deployment.

Question 32
You are attempting to create a baseline of performance data that can be
used in the future to verify the configuration and performance statistics of
the servers. Which of the following tools is best suited for the job?
a. Resource Monitor
b. Performance Monitor
c. Task Manager
d. Event Viewer

Answer: B is correct.
Performance Monitor can monitor in real time as well as log information for later
analysis. Large amounts of data can be captured on a scheduled basis and it's perfect
for creating baselines.

Question 33
You would like to configure a server so that when a specific event is raised
you are made aware via an email message. Which of the following should
you configure?
a. Performance Monitor Alert
b. Data Collector Set Action
c. Event Viewer Notification
d. Event Viewer Subscription

Answer: C is correct.
With notifications in Event Viewer you can associate an email task notification with a
specific event.

Question 34
You would like to implement a multi-server WSUS infrastructure for your
multi-site environment. You have branch offices with 100-200 users and
would like a server locally to distribute the updates. You do not want to
require direct administration of the servers in order to approve updates.
What should you do?
a. Configure downstream servers
b. Configure downstream servers that sync directly from
Microsoft update
c. Configure a replica server
d. Configure a standalone server
Answer: C is correct.
Replica servers will not require direct administration in order to approve updates as they
will mirror their upstream partners.

Question 35
Which of the following options in Group Policy provides the ability to
automatically populate computer groups for the purpose of distributing
approved updates?
a. Specify Microsoft Intranet update server location
b. Enable Client side targeting
c. Turn on software notifications
d. Delay restart for scheduled installation

Answer: B is correct.
Client Side targeting is the option that can automatically assign a computer group to all
computers that fall under the scope of the specific GPO.

Question 36
You are looking to install a role service in Windows Server 2012 that
will provide additional capabilities in relation to storage and capacity
management for your environment. Which role service should you install?
a. FSRM
b. DFS
c. File and Storage Server
d. EFS

Answer: A is correct.
File Server Resource Manager provides additional capacity management capabilities of
controlling storage utilization from a size and file group perspective as well as enhanced
reporting capabilities to monitor current storage use.

Question 37
Which of the following FSRM components would you configure in order
to control which types of files are able to be stored in a specific folder
location on the server?
a. Quotas
b. File screen templates
c. File screen
d. File management tasks

Answer: C is correct.
File screens will disallow certain file types and groups in specific locations on a Windows
Server 2012 machine.

Question 38
You would like to configure a quota for all the folders on the storage drive
of a Windows Server 2012 machine to limit the disk space that is used. You
would like to prevent users or applications from being able to exceed the
quota limit. What type of quota should you implement?
a. Active
b. Passive
c. Soft
d. Hard

Answer: D is correct.
Hard quotas actually prevent users or applications from going over storage limits while
soft quotas are primarily for monitoring purposes.

Question 39
Which of the following types of encryption is used for the EFS File
Encryption Key?
a. Hashing
b. Symmetric
c. Asymmetric
d. Public key

Answer: B is correct.
Symmetric key encryption actually protects the data in the file using a File
Encryption Key.

Question 40
You would like to audit account logons to your network in order to
determine whether unauthorized access is happening after hours. You are
concerned with the types of events and specifically the number of events
that could be generated. What can you do to limit the events while still
being able to track the required information?
a. Configure only failure account logon auditing
b. Configure success and failure account logon auditing
c. Configure advanced auditing for account logon and eliminate
sub-categories that track Kerberos ticket operations
d. Configure advanced auditing for logon and eliminate the
sub-categories that track special logon events
Answer: C is correct.
You need to audit the account logon category and by eliminating the sub categories that
deal with background Kerberos ticket operations you will significantly cut down on the
events which are logged.

Question 41
You would like to prevent the use of EFS in your environment since you
are afraid that users will misuse the privilege and really don't need the
additional security. What should you do?
a. Disable EFS in the file system
b. Disable EFS in the local security policy of each computer
c. Disable EFS in the GPO linked to the domain
d. Disable EFS on the user properties in AD DS

Answer: C is correct.
You can easily disable EFS using a GPO linked to the domain to prevent users from
encrypting files and folders.

Question 42
Which of the following types of records is the first resource record
created in the zone and the record that is used to control the zone
transfer process to servers holding secondary copies of the zone?
a. NS
b. SOA
c. SRV
d. PTR

Answer: B is correct.
The Start of Authority record is the first record created in the zone and establishes the
master server and controls zone transfer processes.

Question 43
You are attempting to configure your server for name resolution between
you and a partner organization. This name resolution must be configured
locally with the internal namespace of the partner organization and the
communication will be across a VPN. You are not permitted to do zone
transfers across the VPN. What configuration should you use?
a. Forwarders
b. Root hints
c. Hosts file
d. Conditional forwarder

Answer: D is correct.
A Conditional forwarder for the internal namespace of the partner organization can be
created on your server which will ensure that name queries for the partner organization
are directed to the DNS server across the VPN but will not require zone transfers.

Question 44
Currently you have a DNS server called DNS1 that contains a zone which
holds a parent domain and three child domains called training.com,
sales.training.com, tech.training.com, and ops.training.com. You would like
to offload the queries to the ops.training.com to a DNS server known as
DNS2 in a branch office. What should you do? (Choose two)
a. An additional zone on DNS1
b. A delegation on DNS1
c. A primary zone on DNS2
d. A secondary zone on DNS2

Answer: B, C are correct.
You need to create a delegation on the parent server which configures the server to
forward the queries for the child domain to another server. You then need to configure a
primary zone on the destination server so that it will be able to respond to the queries.

Question 45
You would like to configure a DNS server at a branch office that contains
20 users. The WAN link to this branch office is very slow and already has
heavy bandwidth utilization. You are attempting to speed up local name
resolution requests and centralize a cache for the clients but do not want
to increase traffic across the WAN. What should you do?
a. Install the DNS role on the branch server and create a
primary zone
b. Install the DNS role on the branch server and create a stub zone
c. Install the DNS role on the branch server
d. Install the DNS role on the branch server and
configure forwarding
Answer: C is correct.
You can install a caching-only server to create a central cache while not increasing traffic
over the WAN link. Since the caching-only server does not have any zones it does not take
part in zone transfer traffic.

Question 46
You are configuring Windows 7 client machines to utilize a VPN
connection in order to connect to the corporate network. You need to
ensure that when users move from one coverage area to another their
VPN connection is automatically reconnected. Which of the following VPN
types should you configure?
a. PPTP
b. L2TP/IPSec
c. SSTP
d. IKEv2

Answer: D is correct.
You must use the IKEv2 (Internet Key Exchange) VPN type which is supported in Windows
7 and 8 in order to use the VPN reconnect option. This option is automatic when
choosing this type of VPN.

Question 47
You are examining the requirements for DirectAccess in order to
implement it in your environment. Which of the following components
serves as the mechanism for a client to determine whether or not it is
on the local network and should communicate directly with resources
internal or external, in which case it should utilize the DA server?
a. NRPT
b. NLS
c. AD DS Domain Controller
d. DNS Server

Answer: B is correct.
The NLS (network location server) is the server role that is used by clients to determine
their location as being internal or external and will result in DirectAccess being enabled
or disabled.

Question 48
Which of the following components in a Direct Access infrastructure
is used to control IPSec settings for security between clients and
internal resources?
a. NRPT
b. NLS
c. Group Policy
d. Connection Security Rules

Answer: D is correct.
Connection security rules are ultimately the way in which IPSec protection is applied to
the connections.

Question 49
You have installed the Network Policy Server role on a Windows Server
2012 machine. You want this machine to function as a RADIUS proxy and
forward authentication requests to two separate domains based on the
conditions of the connection. What should you do in order to implement
this functionality?
a. Delete the default network policies
b. Delete the default network policies and create
additional policies
c. Delete the default connection request policy
d. Delete the default connection request policy and create
additional policies
Answer: D is correct.
You should delete or modify the default connection request policy that uses local
authentication providers. You should then create an additional connection request policy
for each domain that you will be forwarding authentication requests.

Question 50
You are looking to implement certificate-based authentication methods
using the Network Policy server role installed on a Windows Server
2012 machine. Which of the following options should you use in order
to require server and client authentication via certificates but user
authentication via passwords?
a. EAP-TLS
b. PEAP-TLS
c. PEAP-MS-CHAP
d. MS-CHAPv2

Answer: C is correct.
With Protected EAP the initial communication session is encrypted. There is a mutual
authentication between client and server using certificates, however, the MD5 hashing
algorithm is then used for password based authentication of user accounts.

Question 51
Which of the following enforcement methods is used when you need to
ensure that both corporate desktops and visiting laptops are compliant
with organizational health requirements before being able to connect but
still provides a strong level of security?
a. IPSec
b. 802.1x
c. VPN
d. DHCP

Answer: B is correct.
802.1x enforcement can be provided by both WAPs and 802.1x authenticating switches.
This way it can be used both with domain members as well as visiting laptops. DHCP
enforcement provides this capability but is very easy to circumvent so it can't be said to
provide a strong level of security.

Question 52
You have installed and configured NAP in your organization. You have
configured the DHCP server to enable NAP on all scopes. You have
configured the default SHV and created health policies to determine the
status of client computers. Clients are still able to get an IP address even
though they aren't compliant with the current configuration. What should
you do?
a. Modify the local policy of the clients to enable NAP
b. Configure a GPO to deploy NAP settings and link it to the OU
containing user accounts
c. Configure a GPO to deploy NAP settings and link it to
the domain
d. Configure additional health policies and SHVs
Answer: C is correct.
You should configure a GPO to enable the NAP service and set the startup type to
automatic, enable the DHCP enforcement client, and turn on the Security center. All of
these settings are required for computers in order to have NAP function properly.

Question 53
Which of the following are you able to confirm when using health policies
and Network Access protection in its default configuration?
a. Anti-virus installed
b. Anti-spyware installed
c. Anti-virus definitions up to date
d. Anti-virus version

Answer: A, B, and C are correct.
The only thing you cannot confirm without the addition of third party SHVs would be the
specific version or type of AV software that is used.

Question 54
You are concerned that clients who are restricted when using VPN
enforcement may be able to communicate with network servers beyond
the appropriate methods. Where should you look to control the types of
communication that a restricted client can take part in?
a. IP packet filters
b. Remediation servers
c. Remediation server groups
d. VPN server

Answer: A is correct.
VPN enforcement uses IP packet filters in order to control communication from client
computers to other network resources. In order to see the types of communication
allowed you should review the settings on the packet filters.

Question 55
Which of the following features of Windows Server 2012 can you use
to ease the administrative burden of creating multiple policies on the
same server?
a. NPS templates
b. Network policies
c. Health policies
d. RADIUS

Answer: A is correct.
Network Policy Server templates provide the ability to create configurations that
can be duplicated quickly and easily to facilitate remote access authorization in
larger environments.

Question 56
Which of the following components of the network policy is used
to determine whether or not the policy is applied to a particular
connection attempt?
a. Conditions
b. Constraints
c. Settings
d. Permissions

Answer: A is correct.
The conditions of the policy are the characteristics that are matched against the
incoming connection attempt. If a connection attempt matches the conditions of
a policy then the policy applies to that connection and is used to determine
connection authorization.

Question 57
Which of the following components in the logical structure is the core
boundary for security and replication in an Active Directory environment
and can be arranged in parent-child relationships?
a. Trees
b. Forests
c. OUs
d. Domains

Answer: D is correct.
The domain is the core unit in the logical structure of Active Directory providing a
security boundary for administrators and users and a replication boundary. They can be
arranged in domain trees, which are parent-child relationships.

Question 58
You have deployed an RODC in a branch office in Utah. Users complain
that logons are not any quicker than before the RODC was put into place.
After investigation you see that the RODC has not cached any users'
passwords. What should you do in order to ensure that passwords for the
Utah users are cached? Your organization only has a single RODC.
a. Add Utah users to the Deny Password Replication group
b. Add Utah users to the Allow Password Replication group
c. Add Utah group to the Password Replication Policy list
as Allowed
d. Prepopulate the passwords for the Utah group on the RODC
Answer: B is correct.
The problem is that the users were not members of the only group which by default
allows the caching of passwords. If the organization had multiple RODCs then you would
want to create a group specific to that branch but in this situation you can just use the
default Allowed Password Replication group.

Question 59
The first domain controller for your forest has suffered a hardware failure.
You have additional domain controllers and everything seems to be
working, however, you had not moved any of the FSMO roles and all were
in default locations. Which of the roles should you seize onto another
domain controller fairly quickly as it affects day-to-day operations such as
time synchronization within the domain?
a. Domain Naming Master
b. Infrastructure Master
c. PDC Emulator
d. RID Master

Answer: C is correct.
The only FSMO role that really affects day-to-day operations is the PDC emulator role.
The other roles are important but can be down for an extended period of time without
causing problems.

Question 60
Which of the following parameters is used to influence which attributes
are returned when you execute Get cmdlets for retrieving users,
computers, groups, etc. in Active Directory?
a. Format-list
b. Format-table
c. Attributes
d. Properties

Answer: D is correct.
The Properties parameter is used to tell PowerShell which attributes you would like
included in the results of a Get-AD cmdlet. Otherwise only the default set of attributes
is retrieved.

Question 61
You are interested in using the new group managed service accounts on
application servers in your organization. You know that there are some
specific requirements in order to be able to implement these special
types of accounts. Which of the following would prevent you from using a
managed service account?
a. A Windows Server 2008 R2 machine
b. A Windows Server 2012 machine
c. Windows Server 2008 functional level
d. Windows Server 2008 machines only

Answer: D is correct.
You need a server running Windows Server 2008 R2 or Windows Server 2012 in order
to use managed service accounts. They can be used in mixed environments but with
additional requirements. It would require the Windows Server 2008 R2 schema updates
and the Active Directory Gateway service to be installed.

Question 62
You are going to create Password Settings Objects (PSO) that will apply
stricter password settings to your administrative users and help desk
personnel. Which of the following utilities should you use?
a. Active Directory Users and Computers
b. ADSIEdit.msc
c. Active Directory Administrative Center
d. Active Directory Domains and Trusts

Answer: C is correct.
The Active Directory Administrative Center provides a graphical interface for configuring
Password Settings Objects for groups within your domain.

Question 63
You would like to determine which PSO applies to a user named
Tom Smith. Tom is a member of both the IT Admins group and the Chicago
Managers group being the IT Manager in Chicago. Both groups have PSOs
applied to them. In this situation which of the following descriptions is
accurate in describing which PSO will win?
a. The PSO with the highest precedence value will win
b. The PSO with the lowest precedence value will win
c. Since there are conflicting settings the domain policy will win
d. In this scenario a PSO must be directly applied to Tom's
user account

Answer: B is correct.
Though it sounds strange, with this integer value the lower the number the higher the
priority. Essentially 1 is the highest priority and all others follow suit.

Question 64
A user account resides in a Users OU in the Marketing OU at the root
level of the adatum.com domain. Which of the following accurately
describes the order of precedence as it relates to policy processing for
this user account?
a. Local policies, site policies, domain policies, parent OU, and child
OU will be processed and if conflicting settings exist the last
setting will win
b. Only the OU policies will be processed
c. Site policies, domain policies, parent OU and child OU policies
will be processed and if conflicting settings exist the domain
policies will win
d. Site policies, domain policies, parent OU and child OU policies
will be processed and if conflicting settings exist the OU
policies will win
Answer: A is correct.
All types of policies are processed and in this order. Also all settings will apply unless
there are conflicts at which point the child settings, or the last settings applied, will win.

Question 65
Which of the following options will ensure that corporate security policies
are always followed for all computers in the domain and in child OUs?
a. Linking policies to multiple containers
b. Enforcing the policy link at the domain
c. Configuring Block Inheritance on child OUs
d. Configuring the settings in a domain based policy

Answer: B is correct.
You should link the policy to the domain and configure Enforced on the link. This will
ensure that the policy cannot be overridden by conflicting settings and will also beat the
Block Inheritance setting at the OU level.

Question 66
You would like to duplicate the settings from a GPO that was backed up
a few days ago. The current GPO has been changed but you would like to
use the settings from a backup to create a new GPO. What should you do?
a. Create a new GPO, copy and paste the settings from an
existing GPO
b. Back up the current GPO, create a new GPO, and import the
settings from the latest backup
c. Create a new GPO, import the settings from the appropriate
backup of the current GPO
d. Copy the existing GPO, paste the GPO into the Group Policy
objects container to create a new copy of the GPO
Answer: C is correct.
When you import settings you are prompted to choose a backup from which to import
the settings. In this case you would like to create a GPO with the settings from a backup
of the current GPO, before it was changed.

Question 67
Which of the following utilities will provide the ability to test
the application of Group Policies before they are deployed in a
production environment?
a. Group Policy Modeling
b. Group Policy Results
c. Group Policy Event Logs
d. GPUPDATE

Answer: A is correct.
The modeling wizard provides a hypothetical simulation that can be used to determine
the result of applying GPOs to a computer or user account.

Question 68
Which of the following would you use in order to ensure that user
documents were always accessible via the network regardless of the
computer that a user logs in to?
a. Software deployment
b. Mapping drives with scripts
c. Mapping drives with preferences
d. Folder redirection

Answer: D is correct.
Folder redirection will take profile folders and place them in a network location making
them accessible from multiple computers.

Question 69
Which of the following is NOT a benefit to using folder redirection with
Group Policy?
a. Centralized location for data storage
b. User information is accessible to everyone
c. User data can be backed up
d. Data is accessible even when disconnected from the network

Answer: B is correct.
The users' folders are not necessarily accessible to everyone but only to that particular
user. Privacy is maintained even though the data is stored in a network shared location.

Question 70
You are looking to implement a mechanism which will optimize the
utilization of a WAN link for a branch office in your organization. This
branch office has slow connectivity to the main office and consists of
multiple Windows 7 and Windows 8 workstations only. What should
you implement?
a. Branch Cache hosted mode
b. Branch Cache distributed mode
c. FSRM file classifications
d. Shared Folder automatic caching

Answer: B is correct.
You should implement distributed mode with Branch Cache. This will allow the clients
to cache HTTP and SMB data on the local machines. Future access requests to the server
will return the hash information about the files, then clients will query one another to
determine whether the file has already been cached at the branch office.

Question 71
Which of the following Windows Server 2012 components will
provide the ability to manage storage quotas, file classifications, and
file screen auditing?
a. Branch Cache for Network Files
b. File and Storage Services
c. Branch Cache
d. File Server Resource Manager

Answer: D is correct.
FSRM is used to increase the capabilities of Windows Server 2012 file servers to include
the ability to manage storage quotas, control types of files created on the server,
configure storage reports, and assign file classifications.

Question 72
You are evaluating the various advanced file services for Windows Server
2012. Which of the following features will decrease the amount of storage
space on a file server using a simple automated process?
a. Data Deduplication
b. Features on Demand
c. Branch Cache
d. Storage quotas

Answer: A is correct.
Data deduplication identifies and removes duplications within data without
compromising the integrity of the data. Data deduplication is highly scalable, resource
efficient, and nonintrusive. It can run concurrently on large volumes of primary data
without affecting other workloads on the server. Low impact on server workloads is
maintained by throttling the CPU and memory resources that are consumed. Using data
deduplication jobs, you can schedule when data deduplication should run, specify the
resources to deduplicate and fine-tune file selection.

Question 73
You are looking to implement Branch Cache in your organization. Which of
the following components will not benefit from Branch Cache?
a. File Servers
b. Clients in remote offices
c. Clients accessing WSUS servers in a corporate office
d. Clients accessing Web Servers in a corporate office

Answer: A is correct.
The file servers will have branch cache enabled but it will not benefit them. Instead it
would benefit the clients that are accessing the file servers.

Question 74
Which of the following consists of one or more central access rules and
is used to determine the various properties that can be used to control
access across file servers in your organization?
a. Central access rules
b. Central access policies
c. Global resource property set
d. User and device claims

Answer: B is correct.
The Central Access policy is a fundamental component of dynamic access control.
This Windows Server 2012 feature enables administrators to create policies that
they can apply to one or more file servers. You create policies in the Active Directory
Administrative Center, which then stores them in AD DS, and you then apply them by
using Group Policy. The central access policy contains one or more central access policy
rules. Each rule contains settings that determine applicability and permissions.

Question 75
Which of the following options, only available in Windows 8 and Windows
Server 2012, will provide more meaningful messages to users when
attempting to access files and should decrease support calls due to
incorrect permissions or access control settings?
a. Central access rules
b. Classification properties
c. Access denied assistance
d. Classification rules

Answer: C is correct.
Access Denied Assistance, a feature in the Windows 8 operating system, helps end
users determine why they cannot access a resource. It also allows IT staff to properly
diagnose a problem, and then direct the resolution. Windows Server 2012 enables you to
customize messages about denied access, and provide users with the ability to request
access without contacting the help desk or IT team.

Question 76
Which of the following components that is a part of a dynamic access
control model is used to match an incoming claim with an entry providing
access to a file or folder?
a. Classification rules
b. Classification properties
c. Resource property objects
d. Central access rules

Answer: C is correct.
The Resource property object is on the resource (file/folder) and is matched against
a user or device claim. Claims must match the resource property in order for access to
be granted.

Question 77
You have created classification policies and classification rules in
order to identify files on your Windows Server 2012 file server that
contain sensitive information. What should you do next prior to
implementing dynamic access control mechanisms based on those
classification properties?
a. Configure a Classification Rules schedule
b. Configure a resource property set
c. Configure a central access rule
d. Configure a central access policy

Answer: A is correct.
You need to schedule the rules to run so that files will be classified automatically and
dynamic access control will function properly.

Question 78
You would like to implement a configuration on your DHCP server that
will prevent non-Windows clients from updating DNS records that were
originally created by Windows computers. Which should you implement?
a. Dynamic Updates
b. Secure Dynamic Updates
c. Option 81
d. Name Protection

Answer: D is correct.
Name protection does just this: it prevents non-Windows clients from updating records
that were originally created by Windows clients.

Question 79
Which of the following DNS options is used to enforce security
ensuring that saved query information on the server cannot be corrupted
and/or modified?
a. Socket pool
b. DNSSEC
c. Cache Locking
d. Global Names

Answer: C is correct.
Cache locking prevents cached entries on the DNS server from being modified until a
configurable portion of the TTL has expired.

Question 80
Which of the following components in a DNSSEC implementation is used
in order to configure the clients for DNSSEC and is usually configured via
Group Policy in Active Directory?
a. NRPT
b. KSK
c. ZSK
d. DNSKEY

Answer: A is correct.
NRPT is the Name Resolution Policy Table and is configured via Group Policy in order to
achieve consistency across multiple client computers. It defines the domain names for
which DNSSEC is enabled.

Question 81
You are evaluating the use of the new IPAM feature in Windows Server
2012 in order to implement centralized management and monitoring
of DNS and DHCP servers in your network infrastructure. Which of the
following is not a feature of IPAM?
a. Track potential configuration changes across multiple
DHCP servers
b. Configure Scope and server options across multiple
DHCP servers
c. Manage IP address allocations for statically
configured machines
d. Manage the IP address allocations for network devices such
as printers
Answer: D is correct.
One of the limitations of IPAM is its inability to work with and control
non-Windows devices. This is a limitation that will decrease the use of this
feature in Windows environments.

Question 82
Which of the following components in an AD DS distributed environment
is used to create logical boundaries for both replication and security
providing a distinct level of isolation between organizations or different
parts of the same organization?
a. Forest
b. Tree
c. Domain
d. Global Catalog

Answer: A is correct.
The AD forest is a security boundary, administrative boundary, and replication boundary
providing a distinct level of isolation as mentioned in the scenario.

Question 83
You are looking to implement name resolution in a multi-namespace
environment. Specifically you have multiple internal domains that need to
be resolved correctly. You use different DNS servers in each location which
contain information only in regards to their own domain. The DNS server
addresses are configured statically but firewall configuration will prevent
zone transfer traffic that is not related to AD replication. What should you
configure in order to achieve appropriate name resolution throughout
your environment?
a. Stub zones
b. AD integrated zones
c. Conditional forwarding
d. Forwarders

Answer: C is correct.
You should enable conditional forwarding. You also can use conditional forwarders to
forward queries according to specific domain names. A conditional forwarder is a setting
that you configure on a DNS server that enables forwarding DNS queries based on the
query's DNS domain name.

Question 84
You are evaluating the use of trust relationships in your multiple domain
AD DS deployment. You need to implement a trust that is used to provide
direct access to resources in another domain for users without having to
traverse a long trust path since the domains are in separate trees in the
same AD forest. Which trust should you implement?
a. Parent-child
b. Tree-root
c. External
d. Shortcut

Answer: D is correct.
A shortcut trust is used in a situation where a long trust path exists and resource access
takes too long. Shortcut trust can be used for direct access between two domains when
that is frequently required.

Question 85
You have been charged with creating a forest trust relationship between
your organization and a partner organization. The partner organization
uses an internal domain name of partnercorp.private. You need to ensure
that the trust relationship can be created without any issues. What should
you do first?
a. Configure a DNS delegation for the partnercorp.private domain
b. Configure a conditional forwarder in DNS for the
partnercorp.private domain
c. Configure a secondary zone for the partnercorp.private domain
d. Add the partner domain name as a DNS domain name option
in DHCP
Answer: B is correct.
You should either configure a conditional forwarder or a stub zone, though the
former is preferred because it does not require zone transfers. This ensures that name
resolution will work correctly between the domains and the trust can be established
without problems.

Question 86
You are the network administrator for your organization. You have a
team of Exchange administrators that are looking to install Exchange
into the existing network environment. Your organization restricts
schema changes to the AD environment. What should you do in order to
implement Exchange?
a. Install an additional domain and install Exchange in
that domain
b. Install an additional forest and install Exchange in that forest
c. Install Exchange in the current forest
d. Install Exchange in an additional domain tree in the
current forest
Answer: B is correct.
Since Exchange is an Active Directory integrated application that requires schema
modifications you will need to install a resource forest for this scenario.

Question 87
You are the network administrator for a single domain with two physical
locations. You have configured a separate Active Directory site for each
location and want to ensure that replication data is secure while in
transit using Kerberos authentication and data encryption. Which of the
following should you do?
a. Configure a site link to use SMTP
b. Configure a site link to use LDAP
c. Configure a site link to use RPC over IP
d. Configure a site link to use HTTPS

Answer: C is correct.
Labeled as IP in the Active Directory Sites and Services utility, the RPC over IP protocol is
almost always used for replication and always when replicating the domain partition as
in this scenario.

Question 88
Which of the following network conditions would cause administrators to
disable the bridging of site links in Active Directory Sites and Services?
a. Network is not fully routed
b. Replication traffic must be manually controlled
c. Firewalls separate domain controllers responsible for replication
d. All of the above

Answer: D is correct.
These are all reasons to disable the automatic configuration of connection objects. If the
KCC is allowed to create objects it will consider all site links transitive and will enable
connection objects between all domain controllers.

Question 89
You are a network administrator and want to install the RODC role on a
server in a branch office. The branch office has limited security and no
local administrative personnel. Which of the following is required in order
to complete the deployment of the RODC?
a. Writeable Windows Server 2008 or later domain controller in an
adjacent site
b. Windows Server 2012 Forest Functional Level
c. Elimination of all Windows 2003 domain controllers
d. Server core installation of Windows Server 2012
Answer: A is correct.
RODCs will require a direct connection to a domain controller running Windows Server
2008 or later in order to function properly.

Question 90
You are attempting to troubleshoot a replication problem on your Active
Directory domain controller running the Windows Server 2012 operating
system. You have validated network connectivity and would now like to
determine who the replication partners are for a domain controller. Which
of the following commands should you use?
a. Repadmin /showrepl
b. Repadmin /kcc
c. Repadmin /replicate
d. Repadmin /showobjmeta

Answer: A is correct.
This command will return the replication partners and their connection objects.

Question 91
Which of the following functions in Windows Server 2012 provides
additional capabilities as it relates to enrollment ensuring that least
privilege security is maintained?
a. Restricted enrollment agent
b. Autoenrollment
c. Automatic key recovery
d. Issuing CAs

Answer: A is correct.
The restricted enrollment agent will allow administrators to ensure that the model of
least privilege is followed by not allowing enrollment agents too many permissions.

Question 92
You are the network administrator for your organization which consists
of a single domain Active Directory forest. You would like to use AD RMS
to protect documents for your organization. You have decided to
implement multiple RMS Servers in an RMS cluster for high availability
and load balancing. Where should the configuration of the RMS service
be stored?
a. Windows Internal database
b. SQL Server backend database
c. Local computer file system
d. Registry

Answer: B is correct.
Using a SQL server as the backend database is the recommended scenario in a
production environment.

Question 93
You are the security administrator of your company. The company's
network consists of a single Active Directory domain. All servers on
the network run Windows Server 2012 and all client computers on the
network run Windows 7. A web server named WEB1 hosts a web site that
provides business-specific information to employees in your company
and a partner company. The company's new written security policy states
that all employees must use certificate-based authentication to access
the web site on WEB1 and that Microsoft best practices must be followed
in the implementation of the solution. The employees in the partner
company require a different certificate policy than the policy required for
issuing certificates to internal employees. You are required to implement
a certification authority (CA) hierarchy in your company that will also
issue certificates to the employees of the partner company. How should
you deploy the CA hierarchy while ensuring that maximum protection is
provided to the root CA certificate? (Choose all that apply.)
a. Configure a standalone root CA. Configure an enterprise
subordinate issuing CA that will issue certificates to all the
employees in both companies.
b. Configure a standalone root CA. Configure an enterprise
subordinate issuing CA that will issue certificates to all the
employees in your company. Configure another enterprise
subordinate issuing CA that will issue certificates to all
employees in the partner company.
c. Configure an enterprise root CA. Configure an enterprise
subordinate issuing CA that will issue certificates to all the
employees in your company. Configure another enterprise
subordinate issuing CA that will issue certificates to all
employees in the partner company.
d. Add the root CA certificate to the Trusted Root Certification
Authorities store on the partner company's computers.
Answer: C is correct.
You should configure separate Enterprise subordinate CAs to provide the separate policy
implementation required in this scenario.

Question 94
You are the network administrator for your organization which consists
of multiple Active Directory domains within a single forest. You have
implemented AD RMS to protect digital content for internal and external
users. You need to ensure that external users can access your root
certification server to obtain licenses to access protected documents.
Which of the following should you do to enable external access to
AD RMS?
a. Require SSL for external clients
b. Deploy dedicated license servers in a perimeter network
c. Ensure the Root Certification cluster URL is configured and
accessible from the Internet
d. Install multiple servers into the RMS Cluster
Answer: C is correct.
In order to protect content and make it accessible to external users the AD RMS URL
must be accessible from the Internet, most likely meaning that it is implemented on a
perimeter network.

Question 95
You are the network administrator for your company and are evaluating
the utilization of AD RMS in your environment to protect confidential
company data. Which of the following applications or technologies is not
a good candidate for AD RMS?
a. Exchange 2010
b. Office 2007
c. Third party HR application
d. Windows Vista

Answer: C is correct.
You require applications that are compatible with AD RMS meaning they are capable of
communicating back with that server to ensure the appropriate level of access is granted.
You cannot guarantee that the third party application will support this.

Question 96
You are deploying AD FS in your organization in order to facilitate SSO
relationships with other organizations. Which of the following is NOT a
requirement for AD FS in Windows Server 2012? (Choose all that apply)
a. AD DS
b. SQL Server 2008 or later
c. AD RMS
d. DNS

Answer: B and C are correct.
AD RMS and AD FS are different from one another and while they may be used together
in an organization, one does not require the other. SQL Server 2008 is also not required;
it is a recommendation for AD RMS as the back end database and can be used as an
attribute store for AD FS but is not required.

Question 97
Which of the following AD FS components is where the application is
located and provides the second side of the AD FS authentication and
authorization process?
a. Claims provider
b. Attribute store
c. Relying party
d. Federation proxy server

Answer: C is correct.
The relying party is where the application is located, and it enables the second side
of the AD FS authentication and authorization process. The relying party is a web
service that consumes claims from the claims provider. The relying party server must
have the Microsoft Windows Identity Foundation installed, or use the AD FS 1.0
claims-aware agent.

Question 98
You are implementing AD FS in your organization in order to provide SSO
access to a web application for both your own internal users as well as
a partner organization. Which of the following should you implement in
order to increase security for your AD FS implementation?
a. Federation Service
b. Federation Service Proxy
c. Claims Provider Trust
d. Relying Party Trust

Answer: B is correct.
The federation server proxy is an optional component that you usually deploy in a
perimeter network. It does not add any functionality to the AD FS deployment, but is
deployed just to provide a layer of security for connections from the Internet to the
federation server.

Question 99
You are examining the requirements for implementing Network Load
Balancing for a mission critical web application that is in use in your
organization. Which of the following is NOT a requirement for NLB?
a. All adapters must use statically configured addresses
b. All hosts must be on the same subnet
c. All adapters must use TCP/IP only
d. Cluster only NICs must use DHCP

Answer: D is correct.
This is not a requirement; in fact, all adapters must use static addresses regardless of how
they are used.

Question 100
You are implementing NLB clustering in order to protect your email
front-end servers from failure. You have configured the application,
created the NLB cluster, and installed the same SSL certificate on all
nodes. What should you do next?
a. Configure affinity settings
b. Adjust node priority
c. Configure a port rule
d. Install additional NICs

Answer: C is correct.
In order for the NLB cluster to begin to function it must have at least one port rule that
defines how traffic will be handled for client computers.
